When Looking For Cybersecurity Solutions, Don’t Shrug Off Startups
As seen on Cybersecurity Insiders
By Brian McMahon
Let’s say you’re looking for some new technology for your business. How do you decide which company you’re going with?
If you’re like many people, you head straight to the Google search bar, where you’ll quickly type in something like “best threat detection software.” The first few results will likely be global enterprises, because they’re the ones with the massive marketing budgets to pay for sponsored results.
Perhaps you head over to Gartner or Forrester to read some analyst reviews. It’s always good to get high-level validation and quadrant/wave placement. However, once again, you’re only looking at corporations that can afford to fund the expensive analyst-approval process.
With either method, you’ll probably find a perfectly fine solution. But doesn’t your business deserve more than fine? Don’t you want a dynamic platform that grows with you, perfectly fits your needs, and doesn’t come with the blown-up price tag of a big-name brand?
That’s why it’s time to start giving startup tech a fair shake.
The rub is that decision-makers have to start somewhere. Every year, five million new businesses join the economy. If you picked up the phone for every new kid in town, you’d never get anything done. And since 90% of startups fail, how do you — as a decision-maker, even know if this new tech will be around in two to three years?
It’s nice to stick with a known commodity, especially when you’re talking about securing your company’s digital framework. But the quest for comfort might be holding your business back.
Startups are famous for being nimble: pivoting to help when customers have pain points and working with specific enterprises to custom-fit their solutions. These startup vendors can start small, build from the ground up without being tied to any specific framework or bloat of legacy frameworks, prove their value, and repeat the process.
Let’s explore why startup tech can be a game-changer in the world of cybersecurity and threat detection:
The problem with traditional analyst reports
I’m not here to rag on big analyst firms. They play a valuable role in our ecosystem. But analyst reports shouldn’t be the only thing you’re considering in the decision-making process.
Analysts are expensive. They also want to see major customer validation before they stick their noses out to review a company. For emerging startups, it’s a classic Catch-22; customers won’t buy your product until Analyst Firm X vets you, but Analyst Firm X won’t vet you until you have an army of customers willing to speak to them.
Analyst relations remind me of standardized tests. They give indications of potential and socioeconomic status, but almost everyone recognizes standardized tests are not indications of actual skills or success.
Put another way, an analyst report is more an indicator of potential success and economic status than an actual evaluation of the product itself. Can companies that analysts vet add value to your business? Yes, but you’ll need more information. Can companies they don’t vet also add value to your company? Also yes.
3 reasons you should try startup cybersecurity tech
Here’s how I’d make the case for incorporating startup vendors into your cybersecurity tech stack:
Big companies are already looking for the “next big thing”
Often, big corporations pay attention to new technologies from startups. When they don’t, they risk being the latest business school case study a la Blockbuster. When they do, they’ll almost always make one of two plays:
- Try not to trip in their own red tape to come up with something – anything – that allows them to exist in that space so they can tell their current customers they have them covered (for a nominal fee, of course). Or….
- Buy a startup to take them out of the market, claim ownership of that tech, and again claim their territory.
Signing on with startup is like getting in on the ground level before the red tape and markups.
“Security through obscurity”
The best way to ensure a robber can’t crack a safe is to make sure he/she doesn’t know a safe exists. In the world of cybersecurity, this concept is known as “security through obscurity.” By choosing startups, companies get access to new protections and technologies threat actors might not be as familiar with yet.
Better pricing
I saved the best for last – and this one’s pretty self-explanatory. As they’re hungry to grow their businesses, startups typically charge lower prices for their tech and services. The brand-name premium hasn’t kicked in, and the savings are passed on to you.
How to vet a startup and its technology
Now, I did mention that 90% of startups fail. So you shouldn’t put the sanctity of your company’s digital infrastructure in the hands of just anyone. Look for a few key indicators of success in your next startup vendor:
Seek out customer repeatability
Don’t just look at who their customers are, but rather at how many they have – and how long they stay. Repeatability is key. If customers are signing on longer than a year or two, it’s a good sign that early adopters are happy.
Pay attention to category disruption
Figure out who the “big players” are copying and understand why. If you see a flurry of new products emerge in a normally stagnant category, it’s almost always because there’s a startup that saw a hole and started filling it. Now the enterprises are scrambling to push out a solution that is often subpar, bloated, and requires their proprietary tech to operate.
Read reviews on neutral sites
Reviews on neutral sites (such as G2 or Capterra) from actual customers are the first stepping stone toward those analyst reports. These reviews often give even more insights into how the company delivers on its promises — and how they’ll treat you as an ongoing customer.
For your next tech decision: don’t overlook the startups
“Startup” shouldn’t be a dirty word when searching for your next vendor, platform, or service provider.
In a broad sense, I could point out that Nike, Walmart, American Airlines, and the famous California garage-borne tech companies were once “startups” too.
Let’s keep it specific to security, though. One of the constants in cybersecurity is just how quickly it all changes. Threat actors aren’t just evil; they’re also incredibly intelligent and talented at what they do. Protecting ourselves requires us to find solutions that are equally nimble and find new ways of thinking about the problems.
If enterprise technology companies are looking to startups for new solutions, I would propose it’s time you should, too.